|
|
|
|
|
|
by hombre_fatal
2309 days ago
|
|
|
This kind of thinking is how your users end up getting emails from your buggy service like "Hello Østein & friends, ..." and your JSON API consumers encounter the same silly output. Don't escape input. Escape based on output. Escaping doesn't mean anything until you've also specified an output format. It's not always HTML. |
|
|